The guidance is intended to explain what data controllers must include in contracts; and what responsibilities and liabilities data
processors have under the GDPR.

As a sign of the complexity and uncertainty in this area, the ICO adds that its guidance "will need to continue to evolve to
take account of any guidelines issued in future by relevant European authorities... as well as our developing experience of applying the law in practice"...